package com.xhg.common.auth;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

import com.xhg.common.Constants;
import com.xhg.model.User;

public class ShiroRealm extends AuthorizingRealm {
	
	private User userService = User.dao;

	/**
	 * 认证回调函数,登录时调用.
	 */
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UserToken token = (UserToken) authcToken;
		User user=userService.Login(token.getUser());
		if(user==null){								//用户名或密码错误
			throw new UnknownAccountException();
		}
		else if(user.getInt("state")==2){			//用户未激活或被锁定
			throw new LockedAccountException();
		}
		//将用户保存至session
		Subject subject=SecurityUtils.getSubject();
		subject.getSession().setAttribute(Constants.SESSION_USER_KEY,user);//将用户保存至session
		SimpleAuthenticationInfo saInfo=new SimpleAuthenticationInfo(user.getStr("userName"),user.getStr("password"),getName());
		return saInfo;
	}
	/**
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
	 */
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		User user = (User) principals.fromRealm(getName()).iterator().next();
		if (user != null) {
			SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
			List<String> roles = new ArrayList<String>();
			roles.add("管理员");
			roles.add("普通用户");
			info.addRoles(roles);
			/**
			 * RequiresPermissions：当前Subject需要拥有某些特定的权限时,才能执行被该注解标注的方法.
			 * 如果当前Subject不具有这样的权限，则方法不会被执行.
			 * 将对应角色中的权限全部添加进去
			 */
			/*for (Role role : user.getRoleList()) {
				info.addStringPermissions(role.getPermissionNameList());//添加权限代码集合
			}*/
			List<String> powerCode = new ArrayList<String>();
			powerCode.add("power_add");
			powerCode.add("user_add");
			info.addStringPermissions(powerCode);//添加权限代码集合
			return info;
		} else {
			return null;
		}
	}

	/**
	 * 更新用户授权信息缓存.
	 */
	public void clearCachedAuthorizationInfo(String principal) {
		SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
		clearCachedAuthorizationInfo(principals);
	}

	/**
	 * 清除所有用户授权信息缓存.
	 */
	public void clearAllCachedAuthorizationInfo() {
		Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
		if (cache != null) {
			for (Object key : cache.keys()) {
				cache.remove(key);
			}
		}
	}

}